hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 07:23:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c19085e56e6830c190efd307c271f44851ed06df
codeql/javascript/ql/test/experimental/Security/CWE-347/localsource/jwtDecode.js

18 lines
339 B
JavaScript
Raw Blame History

const express = require('express')
const jwt_decode = require('jwt-decode');
function getSecret() {
return "A Safe generated random key"
}
function aJWT() {
return "A JWT provided by user"
}
(function () {
const UserToken = aJwt()
// jwt-decode
// no signature verification
jwt_decode(UserToken) // NOT OK
})();
Reference in New Issue View Git Blame Copy Permalink